Configure ISA 2000 to allow FTP

Posted on 2005-05-17
Last Modified: 2013-11-16
I've installed SBS2003 Premium and enabled ISA 2000 to act as my firewall. I'm trying to access our external web hosts FTP site from my client machine on the LAN (Windows XP SP2). I'm using Dreamweaver MX 2004 to do this. The Windows Firewall is also active on all clients and I've added a local exception on my machine for Dreamweaver.

On the ISA Server it appears that Protocol Definition for FTP is:

FTP   FTP Protocol   Application Filter   21   TCP   Outbound
FTP Download Only   FTP Download only Protocol   Application Filter   21   TCP   Outbound
FTP Server   FTP Server protocol   Application Filter   21   TCP   Inbound

The problem I have is that I wish to use Dreamweaver to access my remote site using FTP. I've configured Dreamweaver as so:

Access: FTP
FTP Host: (actual domain hidden)
Login: loginName (obviously not the Username)
Password: PasswordHere (obviously not the password)

I've tried enabling/disabling Passive FTP
Also tried enabling/disabling Use Firewall (with my Proxy settings set to SBSSERV:8080 with Firewall Port 21)

Nothing appears to work. When I enable the Use Firewall option and click Test Dreamweaver attempts to connect, I get a progress bar and it says Connecting to..., followed by Waiting for Server and then I get the following error:

An FTP error occured - cannot make connection to host
The remote host cannot be found

Any ideas?
Question by:Steven O'Neill
    LVL 51

    Expert Comment

    You need to open the control channel also - port 20.

    Are you using the built-in FTP filter or Protocol Definition?
    LVL 51

    Accepted Solution

    Actually, 21 is the control channel, 20 is the back connection from the server to send the data.  If you're attempting to use PASV then the client will make the request for the secondary channel rather than the server.

    Make sure the FTP protocol - Application Filter is enabled and hasn't been changed.

    If this ISA is behind a primary edge-firewall (like a PIX) or you have your router setup to block things, you may also need to create an Access Control list to allow the FTP server inbound port 20 to your server - just another thought.

    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    Have you tried connecting by using the IP address instead?  I know it sounds screwey, but give that a try and see if you can connect.

    LVL 2

    Author Comment

    by:Steven O'Neill
    Thanx for the responses. The ISA server sits behind an Intelligent Gateway 1800 (BT Office Broadband box) which has it's own built in firewall. I've set this up to allow FTP thru it to the WAN NIC on my SBS Server but may not have done this completely (need to check settings again).

    I haven't altered the protocols for FTP that ISA Sets up. I'll check them all and let you know.

    I haven't tried connecting via the IP only. I'll also try this and get back to you.
    LVL 2

    Author Comment

    by:Steven O'Neill
    Okay I've tried all the solutions offered and managed to find this doc:

    This has worked out and allows me to do what I want. So Netman66 gets the points for being in the right direction (not the exact solution but pointed me the right way).


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
    The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now